PEAP vs. TTLS and forward secrecy (was: Re: WPA2 Client Authentication using Radius and remote LDAP server)
hc at hcesperer.org
Thu Sep 20 17:00:26 CEST 2018
On Thu, Sep 20, 2018 at 10:46:45AM -0400, Alan DeKok wrote:
> > Now I wonder whether EAP-PWD, which uses a PSK per user, also provides forward
> > secrecy? My assumption is that it doesn't.
> Forward secrecy depends on the cipher suite you select. So "it all depends" is the best answer.
I just discussed on the #freeradius irc channel: Apparently EAP-PWD always
guarantees forward secrecy. https://tools.ietf.org/html/rfc5931#page-35 7.b.2.
More information about the Freeradius-Users